Google Android System Buffer Overflow Vulnerability

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. A buffer overflow vulnerability exists in the wnmparseneighborreportelem of wnmsta.c file in Android. The vulnerability stems from a network system or product performing operation...

CVE-2018-17201

Certain input files could make the code hang when Apache Sanselan 0.97-incubator was used to parse them, which could be used in a DoS attack. Note that Apache Sanselan incubating was renamed to Apache Commons Imaging...

UBUNTU-CVE-2019-11640

An issue was discovered in GNU recutils 1.8. There is a heap-based buffer overflow in the function recfexparsestrsimple at rec-fex.c in librec.a...

PT-2019-10260 · Sass +2 · Libsass +2

Name of the Vulnerable Software and Affected Versions: LibSass versions 3.5.5 and earlier Description: The parsing component in LibSass allows attackers to cause a denial-of-service due to uncontrolled recursion in Sass::Parser::parse css variable value in parser.cpp. Recommendations: For LibSass...

Authentication flaw

XXE issue in Airsonic before 10.1.2 during parse...

CVE-2018-20222

XXE issue in Airsonic before 10.1.2 during parse...

PT-2019-8748 · Open Information Security Foundation · Suricata

Name of the Vulnerable Software and Affected Versions: Suricata version 4.0.4 Description: The issue arises from incorrect handling of the SSH banner parsing in Suricata. A malformed SSH banner can cause the parsing code to read beyond the allocated data due to the lack of a length check in the...

The vulnerability of the parseAuthorizationHeader function in the Live555 library of the liblivemedia package allows a attacker to execute arbitrary code or cause a service denial.

The vulnerability of the parseAuthorizationHeader function in the Live555 library from the liblivemedia package exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code or cause service failures...

[SECURITY] Fedora 29 Update: podofo-0.9.6-6.fc29

PoDoFo is a library to work with the PDF file format. The name comes from the first letter of PDF Portable Document Format. A few tools to work with PDF files are already included in the PoDoFo package. The PoDoFo library is a free, portable C++ library which includes classes to parse PDF files a...

DEBIAN-CVE-2019-9636

Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding with an incorrect netloc during NFKC normalization. The impact is: Information disclosure credentials, cookies, etc. that are cached against a given hostname. The components are:...

ALPINE-CVE-2019-9636

Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding with an incorrect netloc during NFKC normalization. The impact is: Information disclosure credentials, cookies, etc. that are cached against a given hostname. The components are:...

UBUNTU-CVE-2018-17419

An issue was discovered in setTA in scanrr.go in the Miek Gieben DNS library before 1.0.10 for Go. A dns.ParseZone parsing error causes a segmentation violation, leading to denial of service...

PT-2019-4598 · Python +8 · Python +8

Name of the Vulnerable Software and Affected Versions: Python versions 2.7.x through 2.7.16 and 3.x through 3.7.2 Description: The issue is related to improper handling of Unicode encoding during NFKC normalization, which can lead to information disclosure, including credentials and cookies cache...

UBUNTU-CVE-2009-5155

In the GNU C Library aka glibc or libc6 before 2.28, parseregexp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service assertion failure and application exit or trigger an incorrect result by attempting a regular-expression match...

UBUNTU-CVE-2019-9021

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the...

DEBIAN-CVE-2018-5819

An error within the "parsesinaria" function internal/dcrawcommon.cpp within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources...

DEBIAN-CVE-2018-5818

An error within the "parserollei" function internal/dcrawcommon.cpp within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop...

UBUNTU-CVE-2018-5819

An error within the "parsesinaria" function internal/dcrawcommon.cpp within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources...

[SECURITY] Fedora 29 Update: podofo-0.9.6-5.fc29

PoDoFo is a library to work with the PDF file format. The name comes from the first letter of PDF Portable Document Format. A few tools to work with PDF files are already included in the PoDoFo package. The PoDoFo library is a free, portable C++ library which includes classes to parse PDF files a...

Node.js third-party modules: [url-parse] Improper Validation and Sanitization

NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! I would like to report Improper...